System and method for using RFID tags to determine sterilization of devices

ABSTRACT

Methods and systems for controlling the usage of devices with embedded RFID tags including connecting a device to an energy source and reading data from a memory device incorporated in the device. The data may include a unique identifier (UID), a usage value, an activation value, a reprocessing value, and/or a sterilization indicator. The usage value is incremented when the device is connected to the energy source and the activation value is incremented when the device is activated permitting energy to flow from the energy source to the device. Usage of the device is prevented if the UID is on a list of prohibited UIDs, the usage value is not lower than a usage limitation value, the reprocessing value equals a reprocessing limitation value, the activation value equals an activation limitation value, and/or the sterilization indicator does not indicate that the device has been sterilized since its previous usage.

CROSS REFERENCE TO RELATED APPLICATION

This application is a continuation application of U.S. patentapplication Ser. No. 14/563,059, filed on Dec. 8, 2014, which claims thebenefit of and priority to U.S. Provisional Patent Application No.61/986,999, filed on May 1, 2014, the entire contents of each of whichis hereby incorporated herein by reference.

BACKGROUND 1. Technical Field

The present disclosure relates to medical devices. More particularly,the present disclosure is directed to limited-use medical devices thatmust be sterilized between uses, and to systems and methods forcontrolling the usage of such devices by using embedded radio-frequencyidentification (RFID) tags.

2. Discussion of Related Art

Certain medical devices are capable of being used multiple times, andare thus referred to as reusable devices, while other medical devicesare configured for single use, and are thus referred to as disposabledevices. Many such reusable and disposable medical devices are designedfor a pre-determined number of uses and/or for a pre-determined usagetime between sterilization. Use of these devices beyond their prescribedusage time or number of uses may result in failure of the device and/ordamage to the device or surrounds. On the other hand, given the risingcosts of performing medical procedures, clinicians have an incentive tomaximize the reuse of medical devices.

SUMMARY

Systems and methods for controlling usage of devices by using RFID tagsembedded in the devices are provided.

According to an embodiment of the present disclosure, a method forcontrolling the usage of a device may include connecting the device toan energy source. The method may further include reading data from amemory device incorporated in the device, wherein the data may include aunique identifier (UID), a usage value, an activation value, areprocessing value, and/or a sterilization indicator. The method mayfurther include incrementing the usage value when the device isconnected to the energy source, and incrementing the activation valuewhen the device is activated permitting energy to flow from the energysource to an energy consuming component of the device. The method mayfurther include preventing usage of the device if the UID is on a listof prohibited UIDs, the usage value is not lower than a usage limitationvalue, the reprocessing value is equal to a reprocessing limitationvalue, the activation value is equal to an activation limitation value,and/or the sterilization indicator does not indicate that the device hasbeen sterilized since its previous usage.

According to another embodiment of the present disclosure, areprocessing system may include a medical device having a memory storingdata including a UID, a usage value, a reprocessing value, and a totaluse time value. The reprocessing system may further include areprocessing device which may include a data reader/writer configured toread the data stored in the memory incorporated in the medical device,authenticate the data, and update the reprocessing value in the memoryof the medical device after the medical device has been reprocessed. Thereprocessing system may further include a sterilizer configured tosterilize the device and set a sterilization indicator to “ON” after thedevice has been sterilized. Authenticating the data stored in the memoryof the medical device may include verifying that the UID is not on alist of prohibited UIDs, the usage value does not exceed a usagelimitation value, the reprocessing value is lower than the reprocessinglimitation value, and the total use time value does not exceed a totaluse time limitation value.

According to another embodiment of the present disclosure, an apparatusfor providing power to a device incorporating a memory may include aprocessor, a reader, a display, and/or a data port. The apparatus may beconfigured to connect to the device incorporating the memory and readdata from the memory incorporated in the device, wherein the data mayinclude a UID, a usage value, an activation value, a reprocessing value,and/or a sterilization indicator. The apparatus may be furtherconfigured to increment the usage value when the device is connected tothe energy source, and increment the activation value when the device isactivated permitting energy to flow from the energy source to an energyconsuming component of the device. The apparatus may be furtherconfigured to prevent usage of the device if the UID is on a list ofprohibited UIDs, the usage value is not lower than a usage limitationvalue, the reprocessing value is equal to a reprocessing limitationvalue, the activation value is equal to an activation limitation value,and/or the sterilization indicator does not indicate that the device hasbeen sterilized since a previous usage.

Any of the above aspects and embodiments of the present disclosure maybe combined without departing from the scope of the present disclosure.

BRIEF DESCRIPTION OF THE DRAWINGS

Objects and features of the presently disclosed system and method willbecome apparent to those of ordinary skill in the art when descriptionsof various embodiments thereof are read with reference to theaccompanying drawings, of which:

FIG. 1 is a diagram of a system for controlling usage of devices withembedded memory devices, in accordance with an embodiment of the presentdisclosure;

FIG. 2 is a diagram illustrating a schema according to which data may bewritten to a memory device embedded in a device, in accordance with anembodiment of the present disclosure; and

FIGS. 3A-3B depict a flowchart illustrating a method by which datastored in the device may be authenticated, in accordance with anembodiment of the present disclosure.

FIG. 4 depicts a flowchart illustrating a method controlling the usageof devices with memory devices embedded in the devices during ordinaryuse of the devices, in accordance with an embodiment of the presentdisclosure.

FIGS. 5A-5B depict a flowchart illustrating a method by which deviceswith embedded memory devices may be reprocessed, in accordance with anembodiment of the present disclosure.

DETAILED DESCRIPTION

The present disclosure provides a system and method for controllingusage of devices. Specifically the present disclosure is directed todevices, systems and methods employing memory devices, including forexample radio frequency identification devices (RFID) defining one ormore use parameters.

Although the present disclosure will be described in terms of a specificembodiment, it will be readily apparent to those skilled in this artthat various modifications, rearrangements and substitutions may be madewithout departing from the spirit of the present disclosure. The scopeof the present disclosure is defined by the claims appended hereto.

FIG. 1 depicts a diagram of an exemplary system for controlling usage ofa device by using a memory device embedded in the device. A system 100may include a device 110, a generator 120, a reprocessing facility 130,and a central server 140. Generator 120 and reprocessing facility 130may be connected to central server 140 via a network 150. Network 150may include a local area network (LAN), a wide area network (WAN), awireless network (WiFi), and/or the Internet.

Device 110 may include, among other things, a memory device 111. Memorydevice 111 may be, for example, a radio frequency identification (RFID)tag, a programmable read-only memory (PROM), or the like, and in turnmay include a storage 112 and a communication device 113. Storage 112may include data 114, cyclic redundancy check (CRC) value 117, andsterilization indicator 118. Data 114 may include locked data 115 andunlocked data 116. Communication device 113 may be, for example, a radiofrequency (RF) communication system, a WiFi communication system, aBluetooth (BT) communication system, or the like. Device 110 may beconnectable to generator 120. Generator 120 may act as a power sourcefor device 110, and device 110 may at times be connected to generator120 to allow power to flow to device 110. Generator 120 may also connectwirelessly to device 110, such as via an electromagnetic field, to readand/or write data from or to memory device 111. Generator 120 mayinclude, among other things, a reader 121, a processor 122, a display123, and a data port 124. Reprocessing facility 130 may include, amongother things, a reprocessing data reader/writer 131 and a sterilizingdevice 132. Central server 140 may include, among other things, acentral database 141. Generator 120 and/or reprocessing facility 130 mayalso include a database either separate from or linked to centraldatabase 141.

FIG. 2 depicts a schema according to which data 114 may be stored in thestorage 112 on the device 110. The schema may include data which islocked, meaning that it cannot be overwritten, as well as data that isunlocked and may be updated or changed during the use of the device 110.Locked data 115 is typically read-only data that is written to thestorage 112 during the manufacture of the device 110.

Locked data typically cannot be overwritten by the generator 120 or evenby the reprocessing facility 130. Unlocked data 116 includes data fieldsthat, even if written to the storage 112 during manufacture of thedevice 110, may be overwritten or updated by the generator 120 or thereprocessing facility 130 during use or reprocessing of the device 110.

Locked data 115 may include, for example, a device universalidentification (UID), a single use time limitation value, a total usetime limitation value, a reprocessing limitation value, a usagelimitation value, and an activation limitation value. The unlocked data116 may include, for example, a reprocessing value, a data versionvalue, a usage value, an activation value, a total use time value, and anumber of slots wherein timestamps may be written.

As explained in more detail below, the device UID is a unique codeassigned to the device 110 to identify it from other devices. The singleuse limitation value is the maximum amount of time that the device 110may be used during a single usage before it must be reprocessed byreprocessing facility 130. The total use time limitation is the maximumamount of time that the device 110 may be used over its lifetime. Thereprocessing limitation value is the maximum number of times that thedevice 110 may be reprocessed over its lifetime. The usage limitationvalue is the maximum number of times that the device 110 may be usedover its lifetime. The activation limitation value is the maximum numberof times that the device 110 may be activated during a single usage. Thereprocessing value indicates the number of times that the device 110 hasalready been reprocessed during its lifetime. The data version valueindicates the version of the data 114 that is written to the storage112. The usage value indicates the number of times that the device 110has been used during its lifetime. The activation value indicates thenumber of times that the device 110 has been activated since it was lastreprocessed. The sterilization indicator 118 indicates whether thedevice has been reprocessed since its last usage. The total use timeindicates the total amount of time that the device has been used overits lifetime. The use and interaction of these values will be furtherexplained with reference to FIGS. 3-5 below.

FIGS. 3A-3B depict an exemplary method of authenticating the data 114stored in the storage 112 of the device 110. The data 114 may beauthenticated before use of the device 110 is permitted. Processing maybegin at step S302 when the device 110 is connected to an energy source,such as generator 120, allowing power to flow to the device 110. Thepower flowing to device 110 may include electromagnetic power, such asan electromagnetic field, to activate memory device 111 but not theother components of device 110. The power flowing to device 110 mayfurther include electrosurgical power which may power all of device 110and may be restricted from flowing to device 110 until the data ismarked as authenticated at step S326. At step S304, the data 114 is readfrom the storage 112 of device 110 and copied to the generator 120. All,or only a select portion, of the data 114 may be copied to generator120.

At step S306, the usage value is compared with the usage limitationvalue stored on the generator 120. If the usage value is equal to orhigher than the usage limitation value, processing proceeds to step S324where usage of the device is prevented. If the usage value is lower thanthe usage limitation value, processing proceeds to step S308. Bycomparing the usage value to the usage limitation value, the device maybe limited to a predetermined number of uses.

At step S308, the device's UID is compared with a list of prohibitedUIDs. The list of prohibited UIDs may include the UIDs of devices thatmay no longer be used. If the device's UID is on the list of prohibitedUIDs, processing proceeds to step S324. If the device's UID is not onthe list of prohibited UIDs, processing proceeds to step S310. The listof prohibited UIDs is compiled and maintained by the reprocessingfacility 130 or the manufacturer (not shown), and may include the UIDsof devices that have previously been discarded and/or UIDs that areknown to have been duplicated or otherwise tampered with. The list ofprohibited UIDs may be updated every time a device, while undergoingreprocessing, is determined to no longer be usable by adding thatdevice's UID to the list of prohibited UIDs. By comparing the device'sUID to the list of prohibited UIDs, the manufacturer may ensure thatdevices with prohibited UIDs are not returned to the market.

At step S310, the version value of the data 114 is compared with apredetermined version value. The predetermined version value may bestored in the generator 120, in the database 141, or elsewhere externalto the device. If the version value of the data 114 does not match thepredetermined version value, processing proceeds to step S324. If theversion value of the data 114 matches the predetermined version value,processing proceeds to step S312. By comparing the version value of thedata 114 with the predetermined version value, the generator 120 mayensure that it reads the correct portion of the data 114 from thestorage 112, and writes back the data 114 in the correct format so as tobe readable by device 110. The integrity of the data 114 in the storage112 may also be verified.

At step S312, the schema according to which the data 114 is written tothe storage 112 is compared to a predetermined schema. If the schemadoes not match the predetermined schema, processing proceeds to stepS324. If the schema matches the predetermined schema, processingproceeds to step S314. By comparing the schema to which the data 114 iswritten to the device storage 112 to a predetermined schema, thegenerator 120 may ensure that it reads the correct portion of the data114 from the device storage 112, and writes back the data 114 in thecorrect format so as to be readable by device 110. The integrity of thedata 114 in the storage 112 may also be verified.

At step S314, a cyclic redundancy check (CRC) value of the data 114 iscalculated. At step S316, the calculated CRC value and the CRC valueincluded in the storage 112 is compared. If the calculated CRC valuedoes not match the CRC value included in the storage 112, processingproceeds to step S324. If the calculated CRC value matches the CRC valueincluded in the storage 112, processing proceeds to step S318. Bycomparing the calculated CRC value and the CRC value included in thestorage 112, the data integrity may be verified. A mismatch between thecalculated CRC value and the CRC value included in the storage 112 mayindicate that data corruption or data tampering has occurred.

The calculated CRC value may also be compared to a previously calculatedCRC value of the data 114 stored in the database 141 and associated withthe device's UID. If these CRC values do not match, processing proceedsto step S324. If these CRC values match, processing proceeds to stepS318. By comparing the calculated CRC value to a previously calculatedCRC value stored in the database 141 and associated with the device'sUID, it may be determined whether the data has been tampered with orthat the device 110 may have been duplicated and loaded with data fromanother device. As desired, the CRC calculation can be of the lockeddata 115, the unlocked data 116, or both.

The data 114 may further be verified by using a secure authenticationkey stored by the central server 140 in database 141. The authenticationkey may be in the form of a public/private asymmetrical key combination.The generator 120 may further authenticate the device 110 by calculatinga signature of the device 110 based on the device's UID, the CRC valueof the locked data 115, and the authentication key. This calculatedsignature may then be compared with a signature stored in storage 112 orin central database 141 to verify the authenticity of device 110.

At step S318, the usage time is compared to the usage time limitation.If the usage time exceeds the usage time limitation, processing proceedsto step S324. If the usage time does not exceed the usage timelimitation, processing proceeds to step S320. By comparing the usagetime with the usage time limitation, the total length of time that thedevice is used during the lifetime of the device may be controlled tonot exceed a predetermined limit.

At step S320, the number of timestamps written to the storage 112 iscompared to a predetermined number. If the number of timestamps exceedsa predetermined number, processing proceeds to step S324 and usage ofthe device is prevented. If the number of timestamps does not exceed thepredetermined number, processing proceeds to step S322. By comparing thenumber of timestamps written to the storage 112 to the predeterminednumber, the number of uses of the device may be controlled. The numberof timestamps written to the storage 112 and the usage value may furtherbe compared to verify accuracy, since these values should be the same.Variation between the number of timestamps written to the storage 112and the usage value may indicate tampering with the data 114.

At step S322, the number of timestamps is compared with the reprocessingvalue. The reprocessing value is updated by the reprocessing facility130 when the device is reprocessed. By comparing the number oftimestamps with the reprocessing value, it may be ensured that thedevice 110 has been reprocessed since its last usage. If the number oftimestamps does not match the reprocessing value, processing proceeds tostep S324. If the number of timestamps matches the reprocessing value,processing proceeds to step S326.

If, as a result of any of the preceding inquiries, the determination ismade to execute step S324, usage of the device is prevented andprocessing ends. The display 123 of generator 120 may indicate to theuser that usage of the device 110 is prevented. The display 123 may alsoinclude the reason why usage of the device 110 is prevented.

If step S324 is never executed, at step S326, the data 114 is marked asauthenticated, the usage value is incremented, and the device is allowedto become operational. Accordingly, the generator is signaled that itmay close the necessary circuitry to allow electrosurgical energy toflow from the generator 120 to the device 110 as requested by the user.

FIG. 4 depicts a flowchart illustrating a method for controlling theusage of device 110 with storage 112 embedded therein during ordinaryuse of the device 110. Authentication, as explained above with referenceto FIG. 3, may be required before use of device 110 is permitted.Processing may begin at step S402, when a timestamp is written to device110 by generator 120 when the device is used. At step S404, thegenerator 120 verifies that the sterilization indicator 118 is set to“ON.” If the sterilization indicator 118 is not set to “ON,” processingproceeds to step S420 where activation of the device 110 is preventedand the user may be notified that the device 110 is not sterile. If thesterilization indicator is set to “ON,” the device is determined to beauthentic, and the generator 120 is signaled to allow the flow ofelectrosurgical energy to the device enabling the user to depresses anactivation switch on device 110 and execute step S406.

At step S408, the activation value is compared with the activationlimitation value which has been read from the storage 112. If theactivation value is lower than the activation limitation value,processing proceeds to step S410. If the activation value is not lowerthan the activation limitation value, processing proceeds to step S420,where activation of the device 110 is prevented. By comparing theactivation value to the activation limitation value, the device 110 maybe limited to a predetermined number of activations.

At step S410, the current time is compared with the time indicated bythe most recent timestamp. By comparing the current time to the timeindicated by the most recent timestamp, the length of time that thedevice has been in use during a single usage may be controlled. If thecurrent time is later than a predetermined time from the most recenttimestamp (e.g., exceeds a predetermined usage time limit), processingproceeds to step S420 where activation of the device 110 is prevented.If the current time is not later than a predetermined time from the mostrecent timestamp, processing proceeds to step S412. By comparing thecurrent time to the time indicated by the most recent timestamp, thelength of time of a single usage may be controlled to not exceed apredetermined amount of time.

At step S412, the single use time is compared with the single use timelimitation. If the single use time is within a predetermined time of thesingle use time limitation, processing proceeds to step S414. If thesingle use time is not within a predetermined time of the single usetime limitation, processing proceeds to step S416. At step S414, thesingle use time limitation is extended by a predetermined time, andprocessing proceeds to step S416. For example, the single use timelimitation may be extended by one hour. By comparing the single use timewith the single use time limitation, and extending the single use timelimitation if the single use time is within a predetermined time of thesingle use time limitation, it may be ensured that the device will haveenough use-time left to complete its operation up to some maximum timeperiod as set by the manufacturer.

Similarly, the total usage time limitation of the device may be extendedby a predetermined time if the total usage time is within apredetermined time of the total usage time limitation. By extending thetotal usage time limitation when the total usage time is within apredetermined time of the total usage time limitation, it may be ensuredthat the device will have enough time to complete its operation.

At step S416, the device is activated after having successfullycompleted all the startup checks, and power is allowed to flow to thedevice 110 from the generator 120. At step S418 the activation value isincremented, the sterilization value is set to “OFF,” and processingreturns to step S406 when the user again depresses the activationswitch.

FIGS. 5A-5B depict an exemplary method by which device 110 with embeddedstorage 112 may be reprocessed. Reprocessing may occur at reprocessingfacility 130 and may include, among other things, inspection of thedevice 110; removal and/or replacement of parts of device 110;retrieval, verification, and updating of data 114; sterilization ofdevice 110; and/or repackaging of device 110. Inspection of device 110may include, for example, visual inspection, x-ray inspection,electrical inspection, testing of device 110, and various other tasksthat may be performed as part of quality control.

Processing may include step S502, where the device 110 is connected to areprocessing data reader/writer 131. Thereafter, at step S504, the data114 is read from the storage 112 of device 110 and copied to thereprocessing data reader/writer 131. All, or only a select portion, ofthe data 114 may be copied to reprocessing data reader/writer 131 andstored at least temporarily either in a database at the reprocessingfacility or transmitted to central database 141 for analysis.

At step S506, the device's UID is compared with the list of prohibitedUIDs, similar to step S308 discussed above with reference to FIG. 3. Ifthe device's UID is on the list of prohibited UIDs, processing proceedsto step S528, where the device 110 is discarded. The reprocessingfacility and/or the manufacturer may be alerted that the facility whichsent device 110 for reprocessing had a device 110 that is on theprohibited list. If the device's UID is not on the list of prohibitedUIDs, processing proceeds to step S508.

At step S508, the usage value is compared with the usage limitationvalue. If the usage value exceeds the usage limitation value, processingproceeds to step S526. If the usage value does not exceed the usagelimitation value, processing proceeds to step S510.

At step S510, the total use time of the device 110 is compared with thetotal use time limitation. If the total use time exceeds the total usetime limitation, processing proceeds to step S526. If the total use timedoes not exceed the total use time limitation, processing proceeds tostep S512. By comparing the total use time to the total use timelimitation, the total amount of time that the device 110 may be usedduring its lifetime may be controlled.

At step S512, the reprocessing value is compared to the reprocessinglimitation value. If the reprocessing value is lower than thereprocessing limitation value, processing proceeds to step S514. If thereprocessing value is not lower than the reprocessing limitation value,processing proceeds to step S526. By comparing the reprocessing value tothe reprocessing limitation value, the number of times that a device canbe reprocessed during its lifetime may be controlled.

At step S514, the data 114 read from the storage 112 is compared withdata previously stored in the database 141 and associated with thedevice's UID. If the data 114 matches the data stored in the database141, processing proceeds to step S516. If the data 114 does not matchthe data stored in the database 141, processing proceeds to step S526.By comparing the data 114 read from the storage 112 with data previouslystored in the database 141, the integrity of data 114 may be verified.As will be appreciated, this data comparison will be of the locked data115 as the unlocked data 116 is available for update by the generator.

At step S516, a CRC value of the data is calculated. There may bemultiple CRC values calculated for all, or just specific portions of thedata 114. For example, CRC values for the locked data 115 and unlockeddata 116 may be calculated separately. Thereafter, at step S518, thecalculated CRC value is compared with the CRC value stored in thestorage 112. If the calculated CRC value does not match the CRC valueincluded in the storage 112, processing proceeds to step S526. If thecalculated CRC value matches the CRC value included in the storage 112,processing proceeds to step S520. By comparing the calculated CRC valueand the CRC value included in the storage 112, the data integrity may beverified. A mismatch between the calculated CRC value and the CRC valueincluded in the storage 112 may indicate that data corruption or datatampering has occurred.

The calculated CRC value may also be compared to a previously calculatedCRC value of the data 114 stored in the database 141 and associated withthe device's UID. If these CRC values do not match, processing proceedsto step S526. If these CRC values match, processing proceeds to stepS520. By comparing the calculated CRC value to a previously calculatedCRC value stored in the database 141 and associated with the device'sUID, it may be determined whether the data has been tampered with orthat the device 110 may have been duplicated and loaded with data fromanother device.

At step S520, the schema according to which the data 114 is written tothe storage 112 is compared to a predetermined schema. If the schemadoes not match the predetermined schema, processing proceeds to stepS524. If the schema matches the predetermined schema, processingproceeds to step S522. By comparing the schema to which the data 114 iswritten to the device storage 112 to a predetermined schema, theintegrity of data 114 may be verified.

At step S522, the version value of the data 114 is compared with apredetermined version value. The predetermined version value may bestored in the reprocessing data reader/writer 131, in the database 141,or elsewhere external to the device. If the version value of the data114 does not match the predetermined version value, processing proceedsto step S524. If the version value of the data 114 matches thepredetermined version value, processing proceeds to step S530. Bycomparing the version value of the data 114 with the predeterminedversion value, the integrity of data 114 may be verified.

At step S524, the data 114 on the device 110 is updated after havingbeen determined in steps S520 or S522 that the schema or version valueof the data 114 does not match the predetermined schema or predeterminedversion value. Processing then proceeds to step S530.

At step S526, the UID of device 110 may be added to the list ofprohibited UIDs, after it was determined in steps S508, S510, and/orS512 that the device 110 has reached the end of its lifetime, or insteps S514 and/or S518 that the device 110 has been tampered with orduplicated. Step S526 is optional and may be skipped as desiredpermitting processing to proceed to step S528, where the device isdiscarded.

At step S530, the reprocessing value is updated to reflect that thedevice has been reprocessed. Thereafter, at step S532 new CRC values ofthe data 114 and the unlocked data 116 are calculated. These new CRCvalues will be different from previous CRC values, because the data 114has been updated. The CRC value of the locked data 115 is notrecalculated and would not have changed, because the locked data 115cannot be altered. Thereafter, at step S534, the new CRC values arewritten to the storage 112.

At step S536, the device 110 is sterilized. The sterilization of device110 may be performed by, for example, sterilization device 132. Methodsof sterilization of device 110 may include using ethylene oxide (EtO),steam, gamma, among others. After the device 110 has been sterilized, atstep S538, the sterilization indicator 118 is set to “ON” indicatingthat the device has been sterilized.

Alternatively, the sterilization indicator 118 may only be set when thedevice 110 has been repackaged and is being shipped out from thereprocessing facility 130. Sterilization indicators of multiple devicesmay be set as a batch by using a wireless connection, such as by usingan electromagnetic field. By delaying the setting of the sterilizationindicator 118 until the device 110 is shipped out from the reprocessingfacility 130, the device 110 will not be usable if it is stolen afterreprocessing and sterilization but prior to the sterilization indicatorbeing set. In another embodiment, device 110 may include multiplesterilization indicators corresponding to the number of times the device110 may be sterilized over its lifetime, with a new sterilizationindicator being set after each sterilization process is completed. Instill another embodiment, where the devices are packaged in bulk, asterilization indicator may be external to the devices and attached tothe bulk packaging, and may be used similarly to the method describedabove to verify that the devices in the bulk packaging has beensterilized.

At step S540, the data 114 read from the storage 112 is stored in thedatabase 141 and associated with the UID of device 110. All of the data114, or only a portion of the data 114, may be stored in the database141. Thereafter, at step S542, the device 110 is returned to the market.

Although embodiments have been described in detail with reference to theaccompanying drawings for the purpose of illustration and description,it is to be understood that the inventive processes and apparatus arenot to be construed as limited thereby. It will be apparent to those ofordinary skill in the art that various modifications to the foregoingembodiments may be made without departing from the scope of thedisclosure.

What is claimed is:
 1. A method for reprocessing usage of a medicalapparatus, the method comprising: connecting the medical apparatus to areprocessing apparatus; reading, by the reprocessing apparatus, lockeddata and unlocked data from a storage incorporated in the medicalapparatus, the locked data including a unique identifier (UID) andlimitation values and the unlocked data including a usage value, anactivation value, and a reprocessing value; determining whether or notthe medical apparatus is able to be reprocessed based on the locked dataand the unlocked data; adding the UID of the medical apparatus to aprohibited list stored at a central server when the medical apparatus isdetermined not to be able to be reprocessed; and when the medicalapparatus is determined to be able be reprocessed: calculating a cyclicredundancy check (CRC) value based on one or more of the locked data orthe unlocked data; reading a CRC value stored in a storage incorporatedin the medical apparatus; comparing the CRC value stored in the storagewith the calculated CRC value; and adding the UID of the medicalapparatus to the prohibited list stored at the central server when theCRC value does not match the calculated CRC value.
 2. The method ofclaim 1, wherein the medical apparatus is determined not to be able tobe reprocessed when the UID is included in the prohibited list stored atthe central server.
 3. The method of claim 1, wherein the medicalapparatus is determined not to be able to be reprocessed when thereprocessing value is greater than or equal to a reprocessing limitationvalue among the limitation values.
 4. The method of claim 1, wherein themedical apparatus is determined not to be able to be reprocessed whenthe usage value is greater than a total use time limitation value amongthe limitation values.
 5. The method of claim 1, further comprising:comparing schema of the locked data and the unlocked data with apredetermined schema for the medical apparatus.
 6. The method of claim5, further comprising: updating the unlocked data when the schema doesnot match the predetermined schema.
 7. A reprocessing apparatus forreprocessing usage of a medical apparatus, the reprocessing apparatuscomprising: a data reader/writer configured to: read locked data andunlocked data from a storage incorporated in the medical apparatus, thelocked data including a unique identifier (UID) and limitation valuesand the unlocked data including a usage value, an activation value, anda reprocessing value; determine whether or not the medical apparatus isable to be reprocessed based on the locked data and the unlocked dataupdate the reprocessing value stored in the storage of the medicalapparatus after the medical apparatus has been reprocessed; add the UIDof the medical apparatus to a prohibited list stored at a central serverwhen the medical apparatus is determined not to be able to bereprocessed; and when the medical apparatus is determined to be able tobe reprocessed: calculate a cyclic redundancy check (CRC) value based onone or more of the locked data or the unlocked data; read a CRC valuestored in the storage incorporated in the medical apparatus; compare theCRC value stored in the storage with the calculated CRC value; and addthe UID of the medical apparatus to the prohibited list stored at thecentral server when the CRC value does not match the calculated CRCvalue; and a sterilizer configured to: sterilize the medical apparatus,when the medical apparatus is determined to be able to be reprocessed.8. The reprocessing apparatus of claim 7, wherein the data reader/writeris further configured to determine the medical apparatus as not able tobe reprocessed when the UID is included in the prohibited list stored atthe central server.
 9. The reprocessing apparatus of claim 7, whereinthe data reader/writer is further configured to determine the medicalapparatus as not able to be reprocessed when the reprocessing value isgreater than or equal to a reprocessing limitation value among thelimitation values.
 10. The reprocessing apparatus of claim 7, whereinthe data reader/writer is further configured to determine the medicalapparatus as not able to be reprocessed when the usage value is greaterthan a total use time limitation value among the limitation values. 11.The reprocessing apparatus of claim 7, wherein the data reader/writer isfurther configured to compare schema of the locked data and the unlockeddata with a predetermined schema for the medical apparatus.
 12. Thereprocessing apparatus of claim 11, wherein the data reader/writer isfurther configured to update the unlocked data when the schema does notmatch the predetermined schema.
 13. A reprocessing system comprising: amedical apparatus having a storage storing locked data and unlockeddata, the locked data including a unique identifier (UID) and limitationvalues and the unlocked data including a usage value, an activationvalue, and a reprocessing value; and a reprocessing apparatus including:a data reader/writer configured to: read the locked data and theunlocked data in the storage incorporated in the medical apparatus;determine whether or not the medical apparatus is able to be reprocessedbased on the locked data and the unlocked data update the reprocessingvalue stored in the storage of the medical apparatus after the medicalapparatus has been reprocessed; add the UID of the medical apparatus toa prohibited list stored at a central server when the medical apparatusis determined not to be able to be reprocessed; and when the medicalapparatus is determined to be able to be reprocessed: calculate a cyclicredundancy check (CRC) value based on one or more of the locked data orthe unlocked data; read a CRC value stored in the storage incorporatedin the medical apparatus; compare the CRC value stored in the storagewith the calculated CRC value; and add the UID of the medical apparatusto the prohibited list stored at the central server when the CRC valuedoes not match the calculated CRC value; and a sterilizer configured to:sterilize the medical apparatus, when the medical apparatus isdetermined to be able to be reprocessed.